Add firelink config

1 files changed, 163 insertions, 0 deletions

diff --git a/machines/firelink.nix b/machines/firelink.nix
new file mode 100644
index 0000000..ac588e1
--- /dev/null
+++ b/machines/firelink.nix
@@ -0,0 +1,163 @@
+{ config, pkgs, lib, ... }:
+
+let
+  nixpkgs-unstable = import <nixpkgs_unstable> {};
+in
+{
+  imports = [
+    ../config/gaming.nix
+    ../config/ap.nix
+    ../config/common.nix
+    ../config/desktop.nix
+    ../config/yubikey.nix
+  ];
+
+  programs.bcc.enable = true;
+
+  systemd.extraConfig = "DefaultLimitNOFILE=1048576";
+  
+  security.pam.loginLimits = [{
+      domain = "*";
+      type = "hard";
+      item = "nofile";
+      value = "1048576";
+  }];
+
+  virtualisation.libvirtd.enable = true;
+
+  # Streaming test
+  # services.nginx.enable = true;
+  # services.nginx.appendConfig = ''
+  #   rtmp {
+  #     server {
+  #       listen 1935;
+  #       chunk_size 4096;
+  #       application live {
+  #         live on;
+  #         record off;
+  #       }
+  #     }
+  #   }
+  # '';
+
+  systemd.services.duckdns = {
+    description = "Update orbekk.duckdns.org";
+    path = [ pkgs.curl ];
+    after = [ "network.target" ];
+    script = let token = (import ../duckdns-token.nix).token; in ''
+      curl "https://www.duckdns.org/update?domains=orbekk&token=${token}&ip="
+    '';
+  };
+  systemd.timers.duckdns = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnBootSec = "1m";
+      OnUnitInactiveSec = "10m";
+    };
+  };
+
+  services.blueman.enable = true;
+
+  hardware.steam-hardware.enable = true;
+  services.xserver.videoDrivers = [ "amdgpu" ];
+  services.xserver.resolutions = [{x=2560; y=1440;}];
+
+  hardware.cpu.amd.updateMicrocode = true;
+  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
+
+  console.font = "ter-i32b";
+  console.packages = [ pkgs.terminus_font ];
+  console.earlySetup = true;
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "nodev";
+  boot.loader.grub.efiSupport = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelModules = [ "kvm-amd" "i2c-dev" ];
+  # boot.kernelPackages = nixpkgs-unstable.linuxPackages_latest;
+
+  systemd.services.monitor-switch-to-me = {
+    description = "Switch monitor to this computer";
+    path = [ pkgs.ddcutil ];
+    script = let target = "0x0f"; in ''
+      # Would like to avoid switching if possible; sadly this doesn't reliably
+      # report other input sources.
+      # ddcutil --mfg HPN getvcp 60 | grep sl=${target} || \
+      ddcutil --mfg HPN setvcp 60 ${target} --sleep-multiplier 4
+      # Prevent from getting executed multiple times in succession.
+      sleep 15
+    '';
+  };
+
+  services.udev.extraRules = ''
+    ACTION!="add", GOTO="display_switch_end"
+
+    # Trigger on Planck keyboard.
+    ATTRS{idVendor}=="feed",\
+      ATTRS{idProduct}=="6060",\
+      RUN+="${pkgs.systemd}/bin/systemctl start --no-block monitor-switch-to-me.service"
+
+    LABEL="display_switch_end"
+  '';
+
+  # boot.kernelPackages = let
+  #   linux_pkg = { fetchgit, buildLinux, ... } @ args:
+  #     buildLinux (args // rec {
+  #       version = "5.6";
+  #       modDirVersion = "5.6.0";
+  #       src = pkgs.fetchgit {
+  #         url = "https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git";
+  #         rev = "v5.6";
+  #         sha256 = "06xddhg04gv9azqikvv98xcv8x6h0x3xy2zc6r7m7jjd28a5bh6j";
+  #       };
+  #       kernelPatches = [];
+  #     } // (args.argsOverride or {}));
+  #   linux = pkgs.callPackage linux_pkg {};
+  # in pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux);
+
+  boot.kernelParams = ["amdgpu.dc=1"];
+
+  networking.hostName = "firelink"; # Define your hostname.
+
+  # networking.interfaces.enp37s0.useDHCP = true;
+  # networking.interfaces.enp37s0.macAddress = "3c:97:0e:19:7e:5c";
+
+  system.stateVersion = lib.mkForce "20.03";
+
+  # SSD configuration
+  fileSystems."/" =
+    { device = "/dev/mapper/cryptsystem";
+      fsType = "ext4";
+      options = ["noatime" "discard"];
+    };
+
+  boot.initrd.luks.devices."cryptsystem".device = "/dev/disk/by-uuid/8acc11c2-e540-4561-8c88-34176fca1a72";
+  boot.initrd.luks.devices."cryptsystem".allowDiscards = true;
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/C636-D264";
+      fsType = "vfat";
+    };
+
+  programs.ssh.askPassword = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
+  services.xserver.desktopManager.plasma5.enable = true;
+
+  # 60 fps
+  services.xserver.xrandrHeads =
+    let monitor  = name: {
+      output = name;
+      monitorConfig = ''
+        ModeLine "3840x2160" 594.00 3840 4016 4104 4400 2160 2168 2178 2250 +hsync +vsync
+        Option "PreferredMode" "3840x2160_60"
+      '';
+
+    }; in
+    [
+      (monitor "HDMI-A-0")
+      (monitor "HDMI-A-1")
+    ];
+}
+